import pyshark import struct import zlib import os from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes # --- Constants --- SESSION_KEY = bytes.fromhex("fb2ed4f1837a722b149df99a4021177e") SESSION_ID_LE = struct.pack('I', 'H', plaintext[offset:offset+2])[0] offset += 2 if presence_flags & 4: protocol_type = plaintext[offset] offset += 4 # Skip protocol type (1) and port (3) if presence_flags & 8: offset += 8 # Skip destination (8) if presence_flags & 16: offset += 8 # Skip source constant ID (8) is_compressed = bool(msg_flags & 0x10) # Extract the pure application payload raw_payload = plaintext[offset:offset+payload_size] if protocol_type != 0x81: continue if payload_size >= 0xB: if is_compressed: continue else: with open(f"smm2_streams/pkt{i}_msg{msg_count}_proto{protocol_type:02x}.bin", "wb") as f: f.write(raw_payload) success_count += 1 # PIA Messages are always padded to 4-byte boundaries offset += payload_size align = (4 - (offset % 4)) % 4 offset += align except AttributeError: continue except Exception as e: continue cap.close() print(f"\n[+] Finished! Extracted {success_count} payloads to 'smm2_streams' folder.")